- The MAILING DATE of this communication appears on the cover sheet with the correspondence address
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 15 May 2001.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-16 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-16 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [X] The drawing(s) filed on 15 May 2001 is/are: a) [ ] accepted or b) [X] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.
2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)
Paper No(s)/Mail Date 08/06/01: 3/29/02.

4) [ ] Interview Summary (PTO-413)
5) [ ] Notice of Informal Patent Application (PTO-152)

6) [ ] Other: .



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 05152001 



Application/Control Number: 09/855,818 Page 2 

Art Unit: 2133 

DETAILED ACTION 

1. Claims 1-16 have been examined.

Drawings 

2. The drawings are objected to because figures 1-15 do not have reference numbers for 
each item. Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply 
to the Office action to avoid abandonment of the application. Any amended replacement drawing 
sheet should include all of the figures appearing on the immediate prior version of the sheet, 
even if only one figure is being amended. The figure or figure number of an amended drawing 
should not be labeled as "amended." If a drawing figure is to be canceled, the appropriate figure 
must be removed from the replacement sheet, and where necessary, the remaining figures must 
be renumbered and appropriate changes made to the brief description of the several views of the 
drawings for consistency. Additional replacement sheets may be necessary to show the 
renumbering of the remaining figures. The replacement sheet(s) should be labeled "Replacement 
Sheet" in the page header (as per 37 CFR 1.84(c)) so as not to obstruct any portion of the 
drawing figures. If the changes are not accepted by the examiner, the applicant will be notified 
and informed of any required corrective action in the next Office action. The objection to the 
drawings will not be held in abeyance. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 
This application currently names joint inventors. In considering patentability of the 
claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of the various 
claims was commonly owned at the time any inventions covered therein were made absent any 
evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out 
the inventor and invention dates of each claim that was not commonly owned at the time a later 
invention was made in order for the examiner to consider the applicability of 35 U.S.C. 103(c) 
and potential 35 U.S.C. 102(e), (f) or (g) prior art under 35 U.S.C. 103(a). 
4. Claims 1-3 and 9-11 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Smith, R. N. et al. ("Operating Firewalls Outside the LAN Perimeter") in view of Vu United 
States Letters Patent Number 5,623,601. 
As per claim 1:

Smith et al. disclose a method for protecting publicly accessible network computer 
services from undesirable network traffic in real-time, the method comprising: 

analyzing the network traffic to identify an undesirable user of the services; and (Page 
494, Col. 1, Parag. 2 and Page 497, Col. 2, Parag. 1) 

limiting access of the undesirable user to the services to protect the services. (Page 496, 
Col. 2, Parag. 3 and Page 498, Col. 1; Parag. 1) 

Smith et al. do not explicitly disclose receiving network traffic destined for the services. 

Vu in analogous art, however, discloses receiving network traffic destined for the 
services. (Col. 4, lines 22-25) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to modify the method disclosed by Smith et al. to include receiving 
network traffic destined for the services. This modification would have been obvious because a 
person having ordinary skill in the art would have been motivated to do so in order to provide a 
secure system to protect the network system from all incoming network traffic. 
As per claim 2: 

Both Smith et al. and Vu teach the subject matter as described above. In addition, Smith 
et al. disclose a method wherein the undesirable network traffic includes denial of service 
attacks. (Page 494, Col. 2, Para. 6) 
As per claim 3: 

Both Smith et al. and Vu teach the subject matter as described above. In addition, Smith 
et al. disclose a method wherein the network is the Internet. (Page 493, Col. 1, Para. 1 and 2) 
As per claim 9: 

Smith et al. disclose a system for protecting publicly accessible network computer 
services from undesirable network traffic in real-time, the system comprising: an interface for 

an analysis engine for analyzing the network traffic to identify an undesirable user of the 
services; and (Page 494, Col. 1, Parag. 2 and Page 497, Col. 2, Parag. 1) 

a forwarding engine in communication with the analysis engine for limiting access of the 
undesirable user to the services to protect the services. (Page 496, Col. 2, Parag. 3 and Page 498, 
Col. 1; Parag. 1) 

Smith et al. do not explicitly disclose receiving network traffic destined for the services. 
Vu in analogous art, however, discloses receiving network traffic destined for the 
services. (Col. 4, lines 22-25) 
Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to modify the method disclosed by Smith et al. to include receiving 
network traffic destined for the services. This modification would have been obvious because a 
person having ordinary skill in the art would have been motivated to do so in order to provide a 
secure system to protect the network system from all incoming network traffic. 
As per claim 10: 

Both Smith et al. and Vu teach the subject matter as described above. In addition, Smith 
et al. disclose a system wherein the undesirable network traffic includes denial of service attacks. 
(Page 494, Col. 2, Para. 6) 
As per claim 11:

Both Smith et al. and Vu teach the subject matter as described above. In addition, Smith 
et al. disclose a method wherein the network is the Internet. (Page 493, Col. 1, Para. 1 and 2) 
5. Claims 4-7 and 12-15 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Smith, R. N. et al. ("Operating Firewalls Outside the LAN Perimeter") in view of Vu United 
States Letters Patent Number 5,623,601 and further in view of Combar et al. United States 
Letters Patent Number 6,470,386. 
As per claim 4: 

Both Smith et al. and Vu teach the subject matter as described above. Neither of the 
references explicitly disclose a method comprising generating one or more user profiles from the 
network traffic wherein the step of analyzing includes the step of comparing the one or more user 
profiles with a predetermined profile to determine the undesirable user. 
Combar et al. in analogous art, however, disclose a method further comprising generating 
one or more user profiles from the network traffic wherein the step of analyzing includes the step 
of comparing the one or more user profiles with a predetermined profile to determine the 
undesirable user. (Col. 1, lines 62-63) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to modify the method disclosed by Smith et al. and Vu to include a 
method further comprising generating one or more user profiles from the network traffic wherein 
the step of analyzing includes the step of comparing the one or more user profiles with a 
predetermined profile to determine the undesirable user. This modification would have been 
obvious because a person having ordinary skill in the art would have been motivated to do so in 
order to protect the system by comparing the generated user profile. This way, the system will 
check for already existing undesirable user profiles in order to limit access to the network. 
As per claim 5: 

Smith et al., Vu and Combar et al. teach the subject matter as described above. In 
addition, Combar et al. disclose a method wherein the step of generating the one or more user 
profiles includes the step of generating request statistics for the user from the network traffic. 
(Col. 1, lines 49-52) 
As per claim 6: 

Smith et al., Vu and Combar et al. teach the subject matter as described above. In 
addition, Combar et al. disclose a method wherein the request statistics include connection 
statistics and service request distributions. (Col. 1, lines 23-28) 
As per claim 7: 
Smith et al., Vu and Combar et al. teach the subject matter as described above. In 
addition, Smith et al. further disclose a method wherein the network is the Internet and wherein 
the step of generating request statistics includes the steps of collecting and correlating Border 
Gateway Protocol (BGP) data from the Internet to obtain the service request distributions. (Page 
497, Col. 1, Parag. 2; and Col. 2, Parag. 2) 
As per claim 12: 

Both Smith et al. and Vu teach the subject matter as described above. Neither of the 
references explicitly disclose a system comprising forwarding engine generating one or more 
user profiles from the network traffic wherein the step of analyzing includes the step of 
comparing the one or more user profiles with a predetermined profile to determine the 
undesirable user. 

Combar et al. in analogous art, however, disclose a system further comprising forwarding 
engine generating one or more user profiles from the network traffic wherein the step of 
analyzing includes the step of comparing the one or more user profiles with a predetermined 
profile to determine the undesirable user. (Col. 1, lines 62-63) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to modify the system disclosed by Smith et al. and Vu to include a 
method further comprising generating one or more user profiles from the network traffic wherein 
the step of analyzing includes the step of comparing the one or more user profiles with a 
predetermined profile to determine the undesirable user. This modification would have been 
obvious because a person having ordinary skill in the art would have been motivated to do so in 
order to protect the system by comparing the generated user profile. This way, the system will 
check for already existing undesirable user profiles in order to limit access to the network. 
As per claim 13: 

Smith et al., Vu and Combar et al. teach the subject matter as described above. In 
addition, Combar et al. disclose a system wherein the forwarding engine generates the user 
profile by generating request statistics for the user from the network traffic. (Col. 1, lines 49-52) 
As per claim 14: 

Smith et al., Vu and Combar et al. teach the subject matter as described above. In 
addition, Combar et al. disclose a system wherein the request statistics include connection 
statistics and service request distributions. (Col. 1, lines 23-28) 
As per claim 15:

Smith et al., Vu and Combar et al. teach the subject matter as described above. In 
addition, Smith et al. further disclose a system wherein the network is the Internet and wherein 
the forwarding engine collects and correlates Border Gateway Protocol (BGP) data from the 
Internet to obtain the service request distributions. (Page 497, Col. 1, Parag. 2; and Col. 2, 
Parag. 2) 

6. Claims 8 and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable over Smith, R. 
N. et al. ("Operating Firewalls Outside the LAN Perimeter") in view of Vu United States Letters 
Patent Number 5,623,601 in view of Combar et al. United States Letters Patent Number 
6,470,386 and further in view of Nessett et al. United States Letters Patent Number 5,968,176. 
As per claim 8: 
Smith et al., Vu and Combar et al. teach the subject matter as described above. Neither of 
the references explicitly disclose a method wherein the step of correlating includes the step of 
identifying a topologically clustered set of machines in the Internet based on the data and 
wherein the service request distributions are generated from the set of machines. 

Nessett et al. in analogous art, however, disclose a method wherein the step of 
correlating includes the step of identifying a topologically clustered set of machines in the 
Internet based on the data and wherein the service request distributions are generated from the 
set of machines. (Col. 4, lines 7-17 and lines 28-45) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to modify the method disclosed by Smith et al., Vu and Combar et 
al. to include a method wherein the step of correlating includes the step of identifying a 
topologically clustered set of machines in the Internet based on the data and wherein the service 
request distributions are generated from the set of machines. This modification would have been 
obvious because a person having ordinary skill in the art would have been motivated to do so in 
order to identify and redirect undesirable network traffic. 
As per claim 16: 

Smith et al., Vu and Combar et al. teach the subject matter as described above. Neither of 
the references explicitly disclose a system wherein the forwarding engine identifies a 
topologically clustered set of machines in the Internet based on the data and wherein the service 
request distributions are generated from the set of machines. 

Nessett et al. in analogous art, however, disclose a system wherein the forwarding engine 
identifies a topologically clustered set of machines in the Internet based on the data and wherein 
the service request distributions are generated from the set of machines. (Col. 4, lines 7-17 and 
lines 28-45) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to modify the system disclosed by Smith et al., Vu and Combar et 
al. to include a method wherein the step of correlating includes the step of identifying a 
topologically clustered set of machines in the Internet based on the data and wherein the service 
request distributions are generated from the set of machines. This modification would have been 
obvious because a person having ordinary skill in the art would have been motivated to do so in 
order to identify and redirect undesirable network traffic. 

7. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

a. Glawitsch U.S. 6,772,334 

This reference pertains to system and method for preventing a spoofed denial of service 
attack in a networked computing environment. 

b. Belissent U.S. 6,789,203 

This reference pertains to preventing a DoS attack without notifying the DoS attacker. 

c. Shipley U.S. 6,119,236 

This reference pertains to an intelligent network device that operates in a local area network. 

8. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shewaye Gelagay whose telephone number is 571-272-4219. 
The examiner can normally be reached on 8:00 am to 5:30 pm. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Albert Decady can be reached on 571-272-3819. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Shewaye Gelagay 

Examiner 

Art Unit 2133 



